Here are some libvorbis CVE fixes cherry-picked from master. The bugs affect at least rocko, pyro and morty, I haven't checked older stable branches. I don't know in which libvorbis version the bugs were introduced.
These patches apply to rocko and pyro. The patches don't apply cleanly to morty, so I'll send the morty patches separately. Tanu Kaskinen (3): libvorbis: CVE-2017-14633 libvorbis: CVE-2017-14632 libvorbis: CVE-2018-5146 .../libvorbis/libvorbis/CVE-2017-14632.patch | 62 +++++++++++++ .../libvorbis/libvorbis/CVE-2017-14633.patch | 42 +++++++++ .../libvorbis/libvorbis/CVE-2018-5146.patch | 100 +++++++++++++++++++++ .../libvorbis/libvorbis_1.3.5.bb | 3 + 4 files changed, 207 insertions(+) create mode 100644 meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14632.patch create mode 100644 meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14633.patch create mode 100644 meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-5146.patch -- 2.16.2 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
